The present invention generally relates to authenticating wireless clients on a wireless network, and more particularly to a method for authenticating 802.1X clients when roaming between access points.
Most current 802.11 network-level authentication protocols require a substantial amount of real time to re-establish a wireless station's connectivity to the network after that station roams from one access point (AP) to another access point. Typically, when a station associates with a first access point, it has to be authenticated through a true authentication server. When the station roams to a new access point, the station must again authenticate itself with the authentication server which does a full challenge request and response. A new accounting session is then established. This method relies on the initial authentication as a means for key rotation and generates a new accounting session for each roam, causing an unnecessary session teardown and restart.
This delay in re-establishing connectivity greatly impacts 802.11 Quality of service (QoS) to the point that some upper-level protocols, such as Voice-over-IP (VoIP), actually fail. Furthermore, each roam commonly necessitates interaction with a site's Authentication, Accounting, and Authorization (AAA) servers, resulting in a significant increase in server load, to the point at which some servers fail to provide the necessary rate of authentications requests for the 802.11 stations.
Thus, the need exists for a fast, secure and reliable method for authenticating a station when the station roams from one access point to another that decreases traffic to the authentication server.